vopono

vopono is a tool to run applications through VPN tunnels via temporary network namespaces. This allows you to run only a handful of applications through different VPNs whilst keeping your main connection as normal.

This is alpha software, currently only Mullvad, TigerVPN and PrivateInternetAccess are supported.

At the moment, both iptables and nftables are required.

Supported Providers

| Provider | OpenVPN support | Wireguard support | |-----------------------|-----------------|-------------------| | Mullvad | ✅ | ✅ | | PrivateInternetAccess | ✅ | ❌ | | TigerVPN | ✅ | ❌ |

Etymology

vopono is the pronunciation of the letters VPN in Esperanto.

Se vi ankaŭ parolas Esperanton, bonvolu serĉi min en la kanalo de Discord de Rust Programming Language Community.

Usage

Applications will be run as the current user by default (you can use sudo -u USERNAME program as the command to run as another user).

vopono will call sudo if required, it is recommended to run as the current user and let vopono call sudo so that the configuration directories are correctly inferred and the final command is not run as root.

Wireguard

For Mullvad, download the Wireguard connection configuration files (the wg-quick ones), and extract them to ~/.config/vopono/mv/wireguard/.

bash $ vopono exec --provider mullvad --server se --protocol wireguard "transmission-gtk"

OpenVPN

bash $ vopono exec --provider privateinternetaccess --server pl "curl ifconfig.co/country" Poland

You can also launch graphical applications like firefox, transmission-gtk, etc. - the network namespace will be cleaned up when the application is terminated. Note you may need to run them as your own user:

bash $ vopono exec --provider privateinternetaccess --server mexico "firefox"

Place your username and password in ~/.config/vopono/pia/openvpn/auth.txt - the username on the first line, and the password on the second (with a newline). Otherwise you will be prompted for your credentials.

Custom Providers

If you use another commercial VPN provider, please open a Pull Request here with the necessary configuration and serverlist.

For private VPN connections, you can use a custom provider, by passing the complete configuration file to vopono (i.e. an OpenVPN .ovpn config file or a Wireguard wg-quick .conf file).

bash $ vopono -v exec --custom ~/custom_wireguard.conf --protocol wireguard "firefox"

bash $ vopono -v exec --custom ./custom_openvpn.ovpn --protocol openvpn "firefox"

Note that in the OpenVPN case the command must be executed in the same directory as any accompanying files (CA certificates, authentication files, etc.) and the user authentication must be by file (OpenVPN will fail to request user and password otherwise, due to being launched in the background).

Firefox

Note if running multiple Firefox sessions, they need to run separate profiles in order to force Firefox to run them as separate processes.

Known issues

• OpenVPN output is not parsed - this means you need to read the output to ensure there are not authentication errors, etc.
• OpenVPN output is not muted - you will see the output from OpenVPN when you run your application, this a pain for command-line applications but since it is difficult to handle failures in OpenVPN overall I felt it was left to leave this enabled for now (for debugging).
• It is currently not possible to list running vopono network namespaces.
• OpenVPN credentials are always stored in plaintext in configuration - will add option to not store credentials soon, but it seems OpenVPN needs them provided in plaintext.
• Cannot set default VPN provider and server - will be added shortly.
• Configuration of OpenVPN connection is limited - support will be added for different keylengths, etc. in the future.
• Split iptables and nftables dependencies so user can choose one or the other.
• Server lists are maintained in the repo and there is no way to update them from vopono itself.

Installation

From this repository (with Cargo)

Run the install script provided: install.sh - this will cargo install the repository and copy over the configuration files to ~/.config/vopono/

License

vopono is licensed under the GPL Version 3.0 (or above), see the LICENSE file or https://www.gnu.org/licenses/gpl-3.0.en.html

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, will be licensed under the GPLv3 (or above), without any additional terms or conditions.